-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.ts
101 lines (94 loc) · 2.48 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
export namespace turnstile {
export type errorMessage =
/**
* The secret parameter was not passed.
*/
| 'missing-input-secret'
/**
* The secret parameter was invalid or did not exist.
*/
| 'invalid-input-secret'
/**
* The response parameter was not passed.
*/
| 'missing-input-response'
/**
* The response parameter is invalid or has expired.
*/
| 'invalid-input-response'
/**
* The request was rejected because it was malformed.
*/
| 'bad-request'
/**
* The response parameter has already been validated before.
*/
| 'timeout-or-duplicate'
/**
* An internal error happened while validating the response. The request can be retried.
*/
| 'internal-error'
export type success = {
success: true
/**
* ISO timestamp for the time the challenge was solved.
*/
challenge_ts: string
/**
* Hostname for which the challenge was served.
*/
hostname: string
/**
* List of errors that occurred.
*/
'error-codes': []
/**
* Customer widget identifier passed to the widget on the client side.
*
* This is used to differentiate widgets using the same sitekey in analytics. Its integrity is protected by modifications from an attacker. It is recommended to validate that the action matches an expected value.
*/
action: string
/**
* Customer data passed to the widget on the client side.
*
* This can be used by the customer to convey state. It is integrity protected by modifications from an attacker.
*/
cdata: string
}
export type error = {
success: false
/**
* List of errors that occurred.
*/
'error-codes': turnstile.errorMessage[]
}
export async function verify({
secret,
response,
ip
}: {
/**
* The site’s secret key.
*/
secret: string
/**
* The response provided by the Turnstile client-side render on your site.
*/
response: string
/**
* The user’s IP address.
*/
ip?: string
}): Promise<turnstile.success | turnstile.error> {
const form = new FormData()
form.append('secret', secret)
form.append('response', response)
if (ip)
form.append('remoteip', ip)
const res = await fetch('https://challenges.cloudflare.com/turnstile/v0/siteverify', {
method: 'POST',
body: form
})
return await res.json() as turnstile.success | turnstile.error
}
}